If an existing "wpa_psk_file" is passed to hostapd, the "key" option may
be omitted.
While we're at it, also improve the passphrase length checking to ensure
that it is either exactly 64 bytes or 8 to 63 bytes.
Fixes: FS#2689
Ref: https://github.com/openwrt/openwrt/pull/3283
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a dependency on kmod-nls-base for the new exfat driver. Otherwise
the build fails on ramips and ath79 on kernel 5.4:
Package kmod-fs-exfat is missing dependencies for the following libraries:
nls_base.ko
Fixes commit cd41234d2f ("exfat: add out of tree module")
Signed-off-by: David Bauer <mail@david-bauer.net>
The board name is equivalent to the compatible, not the device
definition. Fix it.
Fixes: b4588c8538 ("kernel/om-watchdog: Apply device renames from ramips")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The sbutarget has testing support for kernel 5.4 for quite a while
and builds fine, however, only one devices there is > 4 MiB.
Since it's unlikely to get a Tested-by for that device, and the other
ralink subtargets appear to be working with 5.4 so far, let's set
this target to 5.4 by default as well.
That way, even if the device happens to break, we'll still have at
least usable SDK and IB for people to use.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When comparing to the port assignment in board.d/02_network, many
devices seem to use the wrong setup of mediatek,portmap.
The corrects the values for mt7620 subtarget based on the location
of the wan port.
A previous cleanup of obviously wrong values has already been done in
d3c0a94405 ("ramips: mt7620/mt7621: remove invalid mediatek,portmap")
Cc: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For ramips/mt7621, the wpad-basic package is not selected by default,
but added for every device individually as needed.
While this might be technically correct if the SoC does not come with
a Wifi module, only 18 of 97 devices for that platform are set up
_without_ wpad-basic currently.
Therefore, it seems more convenient to add wpad-basic by default for
the subtarget and then just remove it for the 18 mentioned devices,
instead of having to add it for about 60 times instead.
This would also match the behavior of the 5 other subtargets, where
wpad-basic/wpad-mini is added by default as well, and thus be more
obvious to developers without detailed SoC knowledge.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When passing a section or option value to config_get() which contains
characters that happen to be valid variable interpolation expressions,
the function returns a nonsensical expression result instead of the
expected empty string.
When the passed section or option name contains other characters which
are not valid within a shell variable name, a substitution error is
occuring instead.
The issue can be easily reproduced by one of the following examples:
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable invalid-section option
root@OpenWrt:~# echo "$variable"
section_option:-
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable section invalid-option
root@OpenWrt:~# echo "$variable"
option:-
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable section invalid@option
-ash: eval: syntax error: bad substitution
Fix this issue by only performing interpolations when the given section
and option arguments are free of illegal characters.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Before this commit, if uci option "dnssec" was set, we pass "--dnssec"
and friends to dnsmasq, let it start and decide whether to quit and
whether to emit message for diagnosis
# dnsmasq --dnssec; echo $?
dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h
1
DNSSEC as a feature is different from others like dhcp, tftp in that
it's a security feature. Better be explicit. With this change
committed, we make it so by not allowing it in the first in the
initscript, should dnsmasq later decides to not quit (not likely) or
quit without above explicit error (unlikely but less so ;)
So this is just being proactive. on/off choices with uci option
"dnssec" are still available like before
Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
By using localtime() to determine the timestamp that goes into factory
images, the resulting image depends on the timezone of the build system.
Use gmtime() instead, which results in more reproducible images.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The target has testing support for kernel 5.4 for quite a while,
compiles fine for all devices, and has been run-tested on Asus
RT-N56U successfully.
Let's set it to kernel 5.4 by default to increase the audience
before an 20.xx stable branch.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Eneas U de Queiroz <cotequeiroz@gmail.com> [Asus RT-N56U]
This allows better context for board patches and we no longer need a
downstream patch for that.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The patch adding support for the second LED HW blinking interval has been
merged (linux 5.9).
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
47a9f0d service: add method to query available container features
afbaba9 initd: attempt to mount cgroup2
ead60fe jail: use pidns semantics also for timens
759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
83053b6 instance: add instances into unified cgroup hierarchy
16159bb jail: parse OCI cgroups resources
282ff0c jail: only free cgroups if they were allocated
ab55357 jail: fix freeing cgroups avl
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch adds support for the WNDR4300TN, marketed by Belgian ISP
Telenet. The hardware is the same as the WNDR4300 v1, without the
fifth ethernet port (WAN) and the USB port. The circuit board has
the traces, but the components are missing.
Specifications:
* SoC: Atheros AR9344
* RAM: 128 MB
* Flash: 128 MB NAND flash
* WiFi: Atheros AR9580 (5 GHz) and AR9344 (2.4 GHz)
* Ethernet: 4x 1000Base-T
* LED: Power, LAN, WiFi 2.4GHz, WiFi 5GHz, WPS
* UART: on board, to the right of the RF shield at the top of the board
Installation:
* Flashing through the OEM web interface:
+ Connect your computer to the router with an ethernet cable and browse
to http://192.168.0.51/
+ Log in with the default credentials are admin:password
+ Browse to Advanced > Administration > Firmware Upgrade in the Telenet
interface
+ Upload the Openwrt firmware: openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img
+ Proceed with the firmware installation and give the device a few
minutes to finish and reboot.
* Flashing through TFTP:
+ Configure your wired client with a static IP in the 192.168.1.x range,
e.g. 192.168.1.10 and netmask 255.255.255.0.
+ Power off the router.
+ Press and hold the RESET button (the factory reset button on the bottom
of the device, with the gray circle around it, next to the Telenet logo)
and turn the router on while keeping the button pressed.
+ The power LED will start flashing orange. You can release the button
once it switches to flashing green.
+ Transfer the image over TFTP:
$ tftp 192.168.1.1 -m binary -c put openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img
Signed-off-by: Davy Hollevoet <github@natox.be>
[use DT label reference for adding LEDs in DTSI files]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Specification:
- CPU: MediaTek MT7620N (580 MHz)
- Flash size: 4 MB NOR SPI
- RAM size: 32 MB DDR1
- Bootloader: U-Boot
- Wireless: MT7620N 2x2 MIMO 802.11b/g/n (2.4 GHz)
- Switch: MT7620 built-in 10/100 switch with vlan support
- Ports: 4x LAN, 1x WAN
- Others: 7x LED, Reset button, UART header on PCB (57600 8N1)
Flash instructions:
1. Use ethernet cable to connect router with PC/Laptop, any router
LAN port will work.
2. To flash openwrt we are using nmrpflash[1].
3. Flash commands:
First we need to identify the correct Ethernet id.
nmrpflash -L
nmrpflash -i net* -f openwrt-ramips-mt7620-netgear_jwnr2010-v5-squashfs-factory.img
This will show something like "Advertising NMRP server on net*..." (net*, *=1,2,3... etc.)
4. Now remove the power cable from router back side and immediately connect it again.
You will see flash notification in CMD window, once it says reboot the device just
plug off the router and plug in again.
Revert to stock:
1. Download the stock firmware from official netgear support[2].
2. Follow the same nmrpflash procedure like above, this time just use the stock firmware.
nmrpflash -i net* -f N300-V1.1.0.54_1.0.1.img
MAC addresses on stock firmware:
LAN = *:28 (label)
WAN = *:29
WLAN = *:28
On flash, the only valid MAC address is found in factory 0x4.
Special Note:
This openwrt firmware will also support other netgear N300 routers like below as they
share same stock firmware[3].
JNR1010v2 / WNR614 / WNR618 / JWNR2000v5 / WNR2020 / WNR1000v4 / WNR2020v2 / WNR2050
[1] https://github.com/jclehner/nmrpflash
[2] https://www.netgear.com/support/product/JWNR2010v5.aspx
[3] http://kb.netgear.com/000059663
Signed-off-by: Shibajee Roy <ador250@protonmail.com>
[create DTSI, use netgear_sercomm_nor, disable by default, add MAC
addresses to commit message, add label MAC address]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This option was a spi nor hack which is dropped in commit bcf4a5f474
("ramips: remove chunked-io patch and set spi->max_transfer_size instead")
Most of it has already been removed in
be2b61e4f1 ("ramips: drop m25p,chunked-io from dts")
It seems all current usages were added after that. Remove them.
Cc: Chuanhong Guo <gch981213@gmail.com>
Reported-by: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Like NAND-based devices, SPI-NOR based Netgear devices also share
a common setup for their images. This creates a common defition
for them in image/Makefile, so it can be reused across subtargets.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
47a9f0d service: add method to query available container features
afbaba9 initd: attempt to mount cgroup2
ead60fe jail: use pidns semantics also for timens
759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
83053b6 instance: add instances into unified cgroup hierarchy
16159bb jail: parse OCI cgroups resources
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Linkit Smart 7688 and Onion Omega 2(+) are one-port devices, and
have their port set to LAN by default. Setting up a WAN MAC address
for them doesn't make any sense, as no wan interface will be created
in uci config. Despite, these devices also set lan_mac in 02_network,
although mtd-mac-address sets a different address for the ethernet
interface in DTS.
Clean this up by moving the lan_mac value into DTS and dropping the
entries in 02_network completely. That way, the effective address
on the LAN interface should stay the same, but we get rid of the
extra (re)assignments.
As I don't have access to the devices, this does not tell anything
about whether 0x2e is actually a good choice, it just preserves
the existing assignment.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
WIZnet WizFi630s has three mac addresses in the factory partition:
0x04 (also on the label), 0x28 for wan mac and 0x2e as lan mac.
All three macadresses are sequential series of addresses.
This is making use of them.
While at it, also add the label MAC address to 02_network.
MAC addresses as verified by OEM firmware:
use interface source
WLAN ra0 factory 0x04 (label)
WAN eth0.2 factory 0x28 (label + 1)
LAN eth0.1 factory 0x2e (label + 2)
Signed-off-by: Tobias Welz <tw@wiznet.eu>
[fix sorting in 02_network, commit message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
WizFi630S had some pins changed in the release version of the board.
The run led, wps button and a slide switch where affected.
This patch is correcting this.
i2c is removed as it is sharing a pin with the run (system) led.
uart2 is enabled as it is also enabled in the OEM firmware.
Signed-off-by: Tobias Welz <tw@wiznet.eu>
Refresh config with make kernel_oldconfig.
After d1a8217d87 ("kernel: clean-up build-configurable kernel
config symbols"), the routine wants to add an additional
CONFIG_CGROUPS (=n), which has been removed manually again, as
this seems unintended.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Remapping the local build path in debug information makes debugging
using ./scripts/remote-gdb harder, because files no longer refer to the full
path on the build host.
For local builds, debug information does not need to be reproducible,
since it will be stripped out of packages anyway.
For buildbot builds, it makes sense to keep debug information reproducible,
since the full path is not needed (nor desired) anywhere.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Testmode commands are typically only used for manufacturing or vendor specific
debugging features, so they should not be in the default image
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With the introduction of the generic OpenVPN hotplug mechanism, wrapped
--up and --down scripts got the wrong amount and order of arguments passed,
breaking existing configurations and functionality.
Fix this issue by passing the same amount of arguments in the same expected
order as if the scripts were executed by the OpenVPN daemon directly.
Ref: https://github.com/openwrt/openwrt/pull/1596#issuecomment-668935156
Fixes: 8fe9940db6 ("openvpn: add generic hotplug mechanism")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This package provides the necessary files to translate `config dsa_vlan`
and `config dsa_port` sections of `/etc/config/network` into appropriate
bridge vlan filter rules.
The approach of the configuration is to bridge all DSA ports into a logical
bridge device, called "switch0" by default, and to set VLAN port membership,
tagging state and PVID as specified by UCI on each port and on the switch
bridge device itself, allowing logical interfaces to reference port VLAN
groups by using "switch0.N" as ifname, where N denotes the VLAN ID.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
RT3x5x seems to work fine with kernel 5.4. Set the default kernel
version to 5.4 to bring this to a broader audience.
Since 4 of 6 targets are on kernel 5.4 now, invert the kernel
version setup logic in Makefile/target.mk files.
Tested on ZyXEL Keenetic.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
[invert version setup logic]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
WIZnet WizFi630s board name is written slightly different it its OEM
OpenWrt firmware. This causes an incompatibility warning during flashing
with sysupgrade. This patch is adding the vendor board name to the
supported devices list to avoid this warning. For initial flashing you
can use sysupgrade via command line or luci beside of TFTP.
Do not keep the OEM configuration during sysupgrade.
Signed-off-by: Tobias Welz <tw@wiznet.eu>